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-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timefy filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 29 March 2005 . 
2a)[X] This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 21 3. 

Disposition of Claims 

4) 13 Claim(s) 24-41 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [X] Claim(s) 24-32. 36-41 is/are rejected. 

7) S Claim(s) 33-35 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 
2.Q Certified copies of the priority documents have been received in Application No. 



3.D Copies of the certified copies of the priority documents have been received in this National Stagex^ 
application from the International Bureau (PCT Rule 17.2(a)). Kfflfa^ 



* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Remarks \ 

1. In response to communications files on 29-March-2005, Therefore, claims 24-41 are 
presently pending in the application. 

Claim Rejections - 35 JJSC §102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AIPA (pre-AIPA 35 U.S.C. 102(e)). 



3. 



Claims 24-26 and 36-41 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Gunter et al . (U.S. patent 6,751,728). 
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As to claim 24, Gunter et al . teaches a system, comprising: 
a distributor unit that distributes a plurality of packets and security 
association information associated with the plurality of packets according to a 
distribution scheme (see figure 3; abstract; column 1, lines 62-65; and column 2, lines 36- 
40); and 

a plurality of security processing engines, coupled to the distributor unit, 
that perform authentication and cryptographic functions (see figures 1, 3, 5, characters 
1 12 and 116, and 8, character 152; column 1, lines 66-67; and column 2, lines 1-9), 

wherein the plurality of security processing engines receive at least a 
portion of the security association information associated with the packets, and wherein 
the plurality of security processing engines process the plurality of packets in parallel 
(see column 2, lines 4-9; column 2, lines 36-50; and column 4, lines 31-35). 

As to claim 25, Gunter et al . teaches wherein the plurality of packets are buffered 
prior to being processed by the plurality of security processing engines (see column 3, 
lines 64-67 and column 4, line 1). 

As to claim 26, Gunter et al . teaches the system further comprising a classification 
module that determines security association information %associated with a plurality of 
packets, wherein the classification module is configured to provide at least a portion of 
the security information associated with the packets to the distributor unit (see column 
10, lines 19-23 and column 10, lines 33-35). 
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As to claim 36, Gunter et al . teaches wherein the system is a router (see column 4, 
lines 44-46 and column 5, lines 48-51). 

As to claim 37, Gunter et al . teaches wherein the system is a firewall (see column 
1, lines 32-35 and column 5, lines 34-37). 

As to claim 38, Gunter et al . teaches wherein the system is a network 
communication device (see abstract and column 1, lines 7-1 1). 

As to claim 39, Gunter et al . teaches wherein the system is a security gateway (see 
column 5, Lines 35-38). 

As to claim 40, Gunter et al . teaches wherein the system is a server (see column 1 , 
lines 24-26; column 6, lines 44-49; and column 6, lines 62-64). 

As to claim 41, Gunter et al . teaches wherein the system is a network line card 
(see column 4, lines 14-22). 

Claim Rejections - 35 USC § 103 
4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to a 
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person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

5. Claim 27 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gunter et al . 
(U.S. patent 6,751,728) in view of Barlow et al . (U.S patent 6,038,551). 

As to claim 27, Gunter et al . does not teach wherein the distributor unit and the 
plurality of security processing engines are on the same chip. 

Barlow et al . teaches system and method for configuring and managing 
resources on a multi-purpose integrated circuit card using a personal computer (see 
abstract), in which he teaches wherein the distributor unit and the plurality of security 
processing engines are on the same chip (see column 7, lines 42-45 and column 1 1, lines 
43-53). 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Gunter et al. , to include wherein the 
distributor unit and the plurality of security processing engines are on the same chip. 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Gunter et al. by the teaching of Barlow et al. , 
because wherein the distributor unit and the plurality of security processing engines are 
on the same chip, would enable the system because, in the illustrated embodiment, the IC 
card 14 is configured with cryptography acceleration circuitry 64, shown integrated with 
the CPU 50, which streamlines cryptography computations to improve speed (see Barlow 
et al .. column 1 1, lines 43-47). 
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6. Claims 28-32 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gunter et 
al. (U.S. patent 6,751,728) in view of Leung (U.S patent 6,760,444). 

As to claim 28, Gunter et al . does not teach wherein the security association 
information includes a sequence number, an anti-replay window, and a lifetime of the 
security association. 

Leung teaches mobile IP authentication (see abstract), in which he teaches 
wherein the security association information includes a sequence number, an anti-replay 
window, and a lifetime of the security association (see column 3, lines 45-67 and column 
4, lines 1-4). 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Gunter et al. , to include wherein the 
security association information includes a sequence number, an anti-replay window, and 
a lifetime of the security association. 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Gunter et al. by the teaching of Barlow et al. , 
because wherein the security association information includes a sequence number, an 
anti-replay window, and a lifetime of the security association, would enable the system to 
authenticate the packets applying the security association. "As described with respect to 
the authentication process, a Security Association provides information that is used to 
generate the authenticators during the authentication process", (see Leung , column 3, 
lines 45-48). 
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As to claim 29, Gunter et al as modified teaches wherein the security 
association information further includes an encapsulating security payload (ESP) 
encryption algorithm identifier and one or more ESP encryption keys (see Gunter et al , 
column 7, lines 33-39). 

As to claim 30, Gunter et al . as modified teaches wherein the security association 
information further includes an ESP authentication algorithm identifier and one or more 
ESP authentication keys (see Gunter et al ., column 7, lines 33-39). 

As to claim 31, Gunter et al as modified teaches wherein the security association 
information further includes an authentication header (AH) authentication algorithm 
identifier and one or more AI-1 authentication keys (see Gunter et al , figure 5; column 2, 
lines 4-9; and column 8, lines 22-27). 

As to claim 32, Gunter et al as modified teaches wherein the security association 
information includes protocol mode information (see Gunter et al , column 7, lines 10- 
19). 

Allowable Subject Matter 
7. Claims 33-35 are objected to as being dependent upon a rejected base claim, but would 
be allowable if rewritten in independent form including all of the limitations of the base 
claim and any intervening claims. 
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Response to Arguments 
8. Applicant's arguments filed 29-March-2005 with respect to the rejected claims in view of 
the cited references have been fully considered but they are not found persuasive: 

In response to applicants' arguments that " Gunter, does not teach a distributor 
unit that distributes a plurality of packets and security association information associated 
with the plurality of packets according to a distribution scheme; and a plurality of 
security processing engines, coupled to the distributor unit, that perform authentication 
and cryptographic functions, wherein the plurality of security processing engines receive 
at least a portion of the security association information associated with the packets, and 
wherein the plurality of security processing engines process the plurality of packets in 
parallel", the arguments have been fully considered but are not deemed persuasive, 
because Gunter et al. teaches a plurality of packets and security association information 
associated with the plurality of packets in "A method and system for network 
communication efficiently transmits encrypted packets from a sending host on an 
external network to a receiving host on an intranet through a network access point (NAP) 
of the intranet. A packet to be sent by the sending host on the external network is 
constructed with the external network address of the NAP as the destination address of 
the packet. The intranet address of the receiving host is also included in the packet in the 
non-encrypted form and is used in the calculation of the cryptographic hash or the like 
that is included in the packet for authentication purposes", (see Gunter et al .. abstract and 
also see column 1, lines 62-65; and column 2, lines 36-40); and 

a plurality of security processing engines, coupled to the distributor unit, 
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that perform authentication and cryptographic functions (see Gunter et al .. figures 1, 3, 5, 
characters 1 12 and 116, and 8, character 152; column 1, lines 66-67; and column 2, lines 
1-9), 

And Gunter et al . teaches wherein the plurality of security processing engines 
receive at least a portion of the security association information associated with the 
packets, and wherein the plurality of security processing engines process the plurality of 
packets in parallel on "When the receiving host receives the modified packet, it decrypts 
the encrypted portion and authenticates the packet by calculating another hash value 
based on the addresses and data in the received packet, and comparing this hash value 
with the hash value included in the packet", (see Gunter et al .. column 2, lines 4-9, and 
also see column 2, lines 36-50 and column 4, lines 31-35). 



Conclusion 

9. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 
706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final, action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
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extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the mailing date of this final action. 

10. Any inquiry concerning this communication or earlier communications from the 

examiner should be directed to Belix M. Ortiz whose telephone number is 571-272-4081. 
The examiner can normally be reached on moday-friday 9am-5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Dov Popovici can be reached on 571-272-4083. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
bmo 



May 25, 2005 




SAM RIMELL 
PRIMARY EXAMINER 



